New Riva On-Premise installations include a new strategy to provide impersonation access into Salesforce: the Standard Impersonation Model. For instructions on implementing the Standard Impersonation Model, see Prepare Salesforce for Riva and Create and test a Salesforce connection.
For current Riva On-Premise installations that use Salesforce Single Sign-On, administrators are encouraged to upgrade their Riva for Salesforce connection setup to the Standard Impersonation Model. For assistance, contact the Riva Success Team.
The procedures in the following article have been deprecated. The information is being retained for clients who have not yet converted to the new Standard Impersonation Model.
Riva offers a no-cost Riva Single Sign-on (SSO) Provider service hosted "in the cloud". This hosted SSO Provider offers customers a means to self-enable Riva to use SSO for Salesforce. This hosted service supports customers with public internet access who use:
- Exchange Web Services (EWS) 2007 or 2010 - on-premise or hosted
- Salesforce: Professional, Enterprise or Unlimited subscriptions
How to Prepare for the Hosted Riva SSO Provider
Steps to prepare for the Hosted Riva SSO Provider for Salesforce:
Windows system requirements
- If Internet Explorer is configured to connect to a WPAD server:
- disable that setting, or
- configure an App.Setting that provides an alternate proxy connection, or
- configure the "Use Proxy" settings on the Riva connection to Salesforce.com. (after the connection is created).
- Configure local or corporate firewalls to enable connection to Salesforce.com.
- Confirm that you can log in to the Salesforce.com login web page (login.salesforce.com) from the Windows system hosting the Riva CRM server.
Prepare Exchange target users
Riva SSO for Salesforce has different username-matching requirements for on-premise Exchange versus hosted Exchange. Ensure that the usernames for the target user accounts in Exchange match the usernames for the corresponding target users in Salesforce:
-
For On-Premise Target Exchange Systems: Salesforce usernames must match the UPN of the Exchange target users. If the Active Directory domain uses a domain name (e.g. mycompany.local) that is different than the SMTP email domain name (e.g. mycompany.com), there will not be a match and Riva will not be able to match the Exchange target user to the Salesforce target user. In those circumstances the email domain name suffix can be added to the Active Directory domain – see this TechNet article to add UPN domain suffixes for instructions to configure UPN suffixes to match email domain name(s) if necessary.
-
For Hosted Target Exchange Systems: Salesforce usernames must match the user's primary SMTP email address.
Prepare Salesforce for SSO
These steps will enable Single Sign-On in a Salesforce organization. If a company uses multiple Salesforce organizations, these steps must be repeated for each organization. To prepare and enable a Salesforce organization for SSO:
-
Activate the “Delegated Authentication Single Sign-On” (DA-SSO) feature.
-
Configure a “Network Trust” for the hosted Riva SSO Provider.
-
Modify the Salesforce "System Administrator" user profile to support administering SSO-enabled target users.
-
Prepare SSO-enabled User Profiles / Permissions Sets. Required for Salesforce Enterprise and Unlimited organizations.